Category: Linux CLI

Firewall script without service

Sometimes on Linux systems for one reason or another it is not practical to use the built-in iptables-services or iptables-persistent to handle your firewall rules. For example, cPanel/WHM manages its own firewall rule set and does not care what is in the normal iptables rules file.

A very straight forward solution to this is run a script in cron to check if your rules exist presently and if not, add them.

#!/bin/bash
# firewall.sh
# This script is run with cron to make sure iptables rules to block Portmap are present

function addrules {
  iptables -I INPUT -m tcp -p tcp --dport 111 -j DROP -m comment --comment "Portmapper Vulnerability"
  iptables -I INPUT -m udp -p udp --dport 111 -j DROP -m comment --comment "Portmapper Vulnerability"
}

numrulesfound=$(iptables -nL |grep -c "Portmapper Vulnerability")

if [ $numrulesfound -eq 0 ]; then
  echo "Portmapper iptables rules NOT found, adding"
  addrules
elif [ $numrulesfound -gt 0 ]; then
  echo "$numrulesfound Portmapper iptables rules found, exiting"
fi

And some kind of cron to run it periodically:

0 * * * * /root/firewall.sh > /dev/null 2>&1
, , , ,
MariaDB logo

MariaDB logo

Moving MariaDB Data Drama

For those of you who work with MySQL on CentOS or RedHat servers on a regular basis, running out of room for large MySQL databases on the root partition is pretty common.¬† The default options in the OS installer suggest a 30GB root partition which has probably been the default value for at least ten years.¬† Normally, this is easy to remedy. However, I was trying this on a server with MariaDB …

Trying this both via editing my.cnf and by simply a symlink produces failure:

Sep 14 16:49:06 id27131.1wpo.com mysqld[22796]: 2017-09-14 16:49:06 140313610287360 [Note] /usr/sbin/mysqld (mysqld 10.1.26-MariaDB) starting as process 22796 …
Sep 14 16:49:06 id27131.1wpo.com mysqld[22796]: 2017-09-14 16:49:06 140313610287360 [Warning] Can’t create test file /var/lib/mysql/id27131.lower-test64 ID=15680 PROTO=UDP SPT=53 DPT=60246 LEN=192 UID=25 GID=25

Looks like it may be due to a bug with mariadb!

A tutorial on DO says you need to specify the socket for the MySQL client.. i didnt even try that as mysqld fails to start!
Seems like this would have to be done by changing  the variable basedir not datadir, I have yet to try that.

[Top]

Less Syntax Highlighting on Ubuntu 16.04 and Debian 8

Looking at shell scripts or just about anything without highlighting is painful. I use less a lot to page through long stuff, so why not have some color?

sudo apt install source-highlight

then add the following to your .bashrc:

export LESSOPEN="| /usr/share/source-highlight/src-hilite-lesspipe.sh %s"
export LESS=" -R "

This is modified from a script on GitHub. That script is specific to CentOS

[Top]